root/xz
1
0
Fork 0
mirror of https://git.tukaani.org/xz.git synced 2025-02-09 02:05:49 +00:00
Code Issues Releases Wiki Activity
xz/src/liblzma/common/lzip_decoder.c

419 lines
11 KiB
C
Raw Normal View History

liblzma: Add .lz (lzip) decompression support (format versions 0 and 1). Support for format version 0 was removed from lzip 1.18 for some reason. .lz format version 0 files are rare (and old) but some source packages were released in this format, and some people might have personal files in this format too. It's very little extra code to support it along side format version 1 so this commits adds support for both. The Sync Flush marker extentension to the original .lz format version 1 isn't supported. It would require changes to the LZMA decoder itself. Such files are very rare anyway. See the API doc for lzma_lzip_decoder() for more details about the .lz format support. Thanks to Michał Górny for the original patch.
2022-10-06 15:50:20 +03:00
///////////////////////////////////////////////////////////////////////////////
//
/// \file lzip_decoder.c
/// \brief Decodes .lz (lzip) files
//
// Author: Michał Górny
// Lasse Collin
//
// This file has been put into the public domain.
// You can do whatever you want with this file.
//
///////////////////////////////////////////////////////////////////////////////
#include "lzip_decoder.h"
#include "lzma_decoder.h"
#include "check.h"
// .lz format version 0 lacks the 64-bit Member size field in the footer.
#define LZIP_V0_FOOTER_SIZE 12
#define LZIP_V1_FOOTER_SIZE 20
#define LZIP_FOOTER_SIZE_MAX LZIP_V1_FOOTER_SIZE
// lc/lp/pb are hardcoded in the .lz format.
#define LZIP_LC 3
#define LZIP_LP 0
#define LZIP_PB 2
typedef struct {
enum {
SEQ_ID_STRING,
SEQ_VERSION,
SEQ_DICT_SIZE,
SEQ_CODER_INIT,
SEQ_LZMA_STREAM,
SEQ_MEMBER_FOOTER,
} sequence;
/// .lz member format version
uint32_t version;
/// CRC32 of the uncompressed data in the .lz member
uint32_t crc32;
/// Uncompressed size of the .lz member
uint64_t uncompressed_size;
/// Compressed size of the .lz member
uint64_t member_size;
/// Memory usage limit
uint64_t memlimit;
/// Amount of memory actually needed
uint64_t memusage;
/// If true, LZMA_GET_CHECK is returned after decoding the header
/// fields. As all files use CRC32 this is redundant but it's
/// implemented anyway since the initialization functions supports
/// all other flags in addition to LZMA_TELL_ANY_CHECK.
bool tell_any_check;
/// If true, we won't calculate or verify the CRC32 of
/// the uncompressed data.
bool ignore_check;
/// If true, we will decode concatenated .lz members and stop if
/// non-.lz data is seen after at least one member has been
/// successfully decoded.
bool concatenated;
/// When decoding concatenated .lz members, this is true as long as
/// we are decoding the first .lz member. This is needed to avoid
/// incorrect LZMA_FORMAT_ERROR in case there is non-.lz data at
/// the end of the file.
bool first_member;
/// Reading position in the header and footer fields
size_t pos;
/// Buffer to hold the .lz footer fields
uint8_t buffer[LZIP_FOOTER_SIZE_MAX];
/// Options decoded from the .lz header that needed to initialize
/// the LZMA1 decoder.
lzma_options_lzma options;
/// LZMA1 decoder
lzma_next_coder lzma_decoder;
} lzma_lzip_coder;
static lzma_ret
lzip_decode(void *coder_ptr, const lzma_allocator *allocator,
const uint8_t *restrict in, size_t *restrict in_pos,
size_t in_size, uint8_t *restrict out,
size_t *restrict out_pos, size_t out_size, lzma_action action)
{
lzma_lzip_coder *coder = coder_ptr;
while (true)
switch (coder->sequence) {
case SEQ_ID_STRING: {
// The "ID string" or magic bytes are "LZIP" in US-ASCII.
const uint8_t lzip_id_string[4] = { 0x4C, 0x5A, 0x49, 0x50 };
while (coder->pos < sizeof(lzip_id_string)) {
if (*in_pos >= in_size) {
// If we are on the 2nd+ concatenated member
// and the input ends before we can read
// the magic bytes, we discard the bytes that
// were already read (up to 3) and finish.
// See the reasoning below.
return !coder->first_member
&& action == LZMA_FINISH
? LZMA_STREAM_END : LZMA_OK;
}
if (in[*in_pos] != lzip_id_string[coder->pos]) {
// The .lz format allows putting non-.lz data
// at the end of the file. If we have seen
// at least one valid .lz member already,
// then we won't consume the byte at *in_pos
// and will return LZMA_STREAM_END. This way
// apps can easily locate and read the non-.lz
// data after the .lz member(s).
//
// NOTE: If the first 1-3 bytes of the non-.lz
// data match the .lz ID string then the first
// 1-3 bytes of the junk will get ignored by
// us. If apps want to properly locate the
// trailing data they must ensure that the
// first byte of their custom data isn't the
// same as the first byte of .lz ID string.
// With the liblzma API we cannot rewind the
// input position across calls to lzma_code().
return !coder->first_member
? LZMA_STREAM_END : LZMA_FORMAT_ERROR;
}
++*in_pos;
++coder->pos;
}
coder->pos = 0;
coder->crc32 = 0;
coder->uncompressed_size = 0;
coder->member_size = sizeof(lzip_id_string);
coder->sequence = SEQ_VERSION;
}
// Fall through
case SEQ_VERSION:
if (*in_pos >= in_size)
return LZMA_OK;
coder->version = in[(*in_pos)++];
// We support version 0 and unextended version 1.
if (coder->version > 1)
return LZMA_OPTIONS_ERROR;
++coder->member_size;
coder->sequence = SEQ_DICT_SIZE;
// .lz versions 0 and 1 use CRC32 as the integrity check
// so if the application wanted to know that
// (LZMA_TELL_ANY_CHECK) we can tell it now.
if (coder->tell_any_check)
return LZMA_GET_CHECK;
// Fall through
case SEQ_DICT_SIZE: {
if (*in_pos >= in_size)
return LZMA_OK;
const uint32_t ds = in[(*in_pos)++];
++coder->member_size;
// The five lowest bits are for the base-2 logarithm of
// the dictionary size and the highest three bits are
// the fractional part (0/16 to 7/16) that will be
// substracted to get the final value.
//
// For example, with 0xB5:
// b2log = 21
// fracnum = 5
// dict_size = 2^21 - 2^21 * 5 / 16 = 1408 KiB
const uint32_t b2log = ds & 0x1F;
const uint32_t fracnum = ds >> 5;
// The format versions 0 and 1 allow dictionary size in the
// range [4 KiB, 512 MiB].
if (b2log < 12 || b2log > 29 || (b2log == 12 && fracnum > 0))
return LZMA_DATA_ERROR;
// 2^[b2log] - 2^[b2log] * [fracnum] / 16
// = 2^[b2log] - [fracnum] * 2^([b2log] - 4)
coder->options.dict_size = (UINT32_C(1) << b2log)
- (fracnum << (b2log - 4));
assert(coder->options.dict_size >= 4096);
assert(coder->options.dict_size <= (UINT32_C(512) << 20));
coder->options.preset_dict = NULL;
coder->options.lc = LZIP_LC;
coder->options.lp = LZIP_LP;
coder->options.pb = LZIP_PB;
// Calculate the memory usage.
coder->memusage = lzma_lzma_decoder_memusage(&coder->options)
+ LZMA_MEMUSAGE_BASE;
// Initialization is a separate step because if we return
// LZMA_MEMLIMIT_ERROR we need to be able to restart after
// the memlimit has been increased.
coder->sequence = SEQ_CODER_INIT;
}
// Fall through
case SEQ_CODER_INIT: {
if (coder->memusage > coder->memlimit)
return LZMA_MEMLIMIT_ERROR;
const lzma_filter_info filters[2] = {
{
liblzma: Pass the Filter ID to LZ encoder and decoder. This allows using two Filter IDs with the same initialization function and data structures.
2022-11-27 18:20:33 +02:00
.id = LZMA_FILTER_LZMA1,
liblzma: Add .lz (lzip) decompression support (format versions 0 and 1). Support for format version 0 was removed from lzip 1.18 for some reason. .lz format version 0 files are rare (and old) but some source packages were released in this format, and some people might have personal files in this format too. It's very little extra code to support it along side format version 1 so this commits adds support for both. The Sync Flush marker extentension to the original .lz format version 1 isn't supported. It would require changes to the LZMA decoder itself. Such files are very rare anyway. See the API doc for lzma_lzip_decoder() for more details about the .lz format support. Thanks to Michał Górny for the original patch.
2022-10-06 15:50:20 +03:00
.init = &lzma_lzma_decoder_init,
.options = &coder->options,
}, {
.init = NULL,
}
};
return_if_error(lzma_next_filter_init(&coder->lzma_decoder,
allocator, filters));
coder->crc32 = 0;
coder->sequence = SEQ_LZMA_STREAM;
}
// Fall through
case SEQ_LZMA_STREAM: {
const size_t in_start = *in_pos;
const size_t out_start = *out_pos;
const lzma_ret ret = coder->lzma_decoder.code(
coder->lzma_decoder.coder, allocator,
in, in_pos, in_size, out, out_pos, out_size,
action);
const size_t out_used = *out_pos - out_start;
coder->member_size += *in_pos - in_start;
coder->uncompressed_size += out_used;
liblzma: Avoid null pointer + 0 (undefined behavior in C). In the C99 and C17 standards, section 6.5.6 paragraph 8 means that adding 0 to a null pointer is undefined behavior. As of writing, "clang -fsanitize=undefined" (Clang 15) diagnoses this. However, I'm not aware of any compiler that would take advantage of this when optimizing (Clang 15 included). It's good to avoid this anyway since compilers might some day infer that pointer arithmetic implies that the pointer is not NULL. That is, the following foo() would then unconditionally return 0, even for foo(NULL, 0): void bar(char *a, char *b); int foo(char *a, size_t n) { bar(a, a + n); return a == NULL; } In contrast to C, C++ explicitly allows null pointer + 0. So if the above is compiled as C++ then there is no undefined behavior in the foo(NULL, 0) call. To me it seems that changing the C standard would be the sane thing to do (just add one sentence) as it would ensure that a huge amount of old code won't break in the future. Based on web searches it seems that a large number of codebases (where null pointer + 0 occurs) are being fixed instead to be future-proof in case compilers will some day optimize based on it (like making the above foo(NULL, 0) return 0) which in the worst case will cause security bugs. Some projects don't plan to change it. For example, gnulib and thus many GNU tools currently require that null pointer + 0 is defined: https://lists.gnu.org/archive/html/bug-gnulib/2021-11/msg00000.html https://www.gnu.org/software/gnulib/manual/html_node/Other-portability-assumptions.html In XZ Utils null pointer + 0 issue should be fixed after this commit. This adds a few if-statements and thus branches to avoid null pointer + 0. These check for size > 0 instead of ptr != NULL because this way bugs where size > 0 && ptr == NULL will likely get caught quickly. None of them are in hot spots so it shouldn't matter for performance. A little less readable version would be replacing ptr + offset with offset != 0 ? ptr + offset : ptr or creating a macro for it: #define my_ptr_add(ptr, offset) \ ((offset) != 0 ? ((ptr) + (offset)) : (ptr)) Checking for offset != 0 instead of ptr != NULL allows GCC >= 8.1, Clang >= 7, and Clang-based ICX to optimize it to the very same code as ptr + offset. That is, it won't create a branch. So for hot code this could be a good solution to avoid null pointer + 0. Unfortunately other compilers like ICC 2021 or MSVC 19.33 (VS2022) will create a branch from my_ptr_add(). Thanks to Marcin Kowalczyk for reporting the problem: https://github.com/tukaani-project/xz/issues/36
2023-02-21 22:57:10 +02:00
// Don't update the CRC32 if the integrity check will be
// ignored or if there was no new output. The latter is
// important in case out == NULL to avoid null pointer + 0
// which is undefined behavior.
if (!coder->ignore_check && out_used > 0)
liblzma: Add .lz (lzip) decompression support (format versions 0 and 1). Support for format version 0 was removed from lzip 1.18 for some reason. .lz format version 0 files are rare (and old) but some source packages were released in this format, and some people might have personal files in this format too. It's very little extra code to support it along side format version 1 so this commits adds support for both. The Sync Flush marker extentension to the original .lz format version 1 isn't supported. It would require changes to the LZMA decoder itself. Such files are very rare anyway. See the API doc for lzma_lzip_decoder() for more details about the .lz format support. Thanks to Michał Górny for the original patch.
2022-10-06 15:50:20 +03:00
coder->crc32 = lzma_crc32(out + out_start, out_used,
coder->crc32);
if (ret != LZMA_STREAM_END)
return ret;
coder->sequence = SEQ_MEMBER_FOOTER;
}
// Fall through
case SEQ_MEMBER_FOOTER: {
// The footer of .lz version 0 lacks the Member size field.
// This is the only difference between version 0 and
// unextended version 1 formats.
const size_t footer_size = coder->version == 0
? LZIP_V0_FOOTER_SIZE
: LZIP_V1_FOOTER_SIZE;
// Copy the CRC32, Data size, and Member size fields to
// the internal buffer.
lzma_bufcpy(in, in_pos, in_size, coder->buffer, &coder->pos,
footer_size);
// Return if we didn't get the whole footer yet.
if (coder->pos < footer_size)
return LZMA_OK;
coder->pos = 0;
coder->member_size += footer_size;
// Check that the footer fields match the observed data.
if (!coder->ignore_check
&& coder->crc32 != read32le(&coder->buffer[0]))
return LZMA_DATA_ERROR;
if (coder->uncompressed_size != read64le(&coder->buffer[4]))
return LZMA_DATA_ERROR;
if (coder->version > 0) {
// .lz version 0 has no Member size field.
if (coder->member_size != read64le(&coder->buffer[12]))
return LZMA_DATA_ERROR;
}
// Decoding is finished if we weren't requested to decode
// more than one .lz member.
if (!coder->concatenated)
return LZMA_STREAM_END;
coder->first_member = false;
coder->sequence = SEQ_ID_STRING;
break;
}
default:
assert(0);
return LZMA_PROG_ERROR;
}
// Never reached
}
static void
lzip_decoder_end(void *coder_ptr, const lzma_allocator *allocator)
{
lzma_lzip_coder *coder = coder_ptr;
lzma_next_end(&coder->lzma_decoder, allocator);
lzma_free(coder, allocator);
return;
}
static lzma_check
lzip_decoder_get_check(const void *coder_ptr lzma_attribute((__unused__)))
{
return LZMA_CHECK_CRC32;
}
static lzma_ret
lzip_decoder_memconfig(void *coder_ptr, uint64_t *memusage,
uint64_t *old_memlimit, uint64_t new_memlimit)
{
lzma_lzip_coder *coder = coder_ptr;
*memusage = coder->memusage;
*old_memlimit = coder->memlimit;
if (new_memlimit != 0) {
if (new_memlimit < coder->memusage)
return LZMA_MEMLIMIT_ERROR;
coder->memlimit = new_memlimit;
}
return LZMA_OK;
}
extern lzma_ret
lzma_lzip_decoder_init(
lzma_next_coder *next, const lzma_allocator *allocator,
uint64_t memlimit, uint32_t flags)
{
lzma_next_coder_init(&lzma_lzip_decoder_init, next, allocator);
if (flags & ~LZMA_SUPPORTED_FLAGS)
return LZMA_OPTIONS_ERROR;
lzma_lzip_coder *coder = next->coder;
if (coder == NULL) {
coder = lzma_alloc(sizeof(lzma_lzip_coder), allocator);
if (coder == NULL)
return LZMA_MEM_ERROR;
next->coder = coder;
next->code = &lzip_decode;
next->end = &lzip_decoder_end;
next->get_check = &lzip_decoder_get_check;
next->memconfig = &lzip_decoder_memconfig;
coder->lzma_decoder = LZMA_NEXT_CODER_INIT;
}
coder->sequence = SEQ_ID_STRING;
coder->memlimit = my_max(1, memlimit);
coder->memusage = LZMA_MEMUSAGE_BASE;
coder->tell_any_check = (flags & LZMA_TELL_ANY_CHECK) != 0;
coder->ignore_check = (flags & LZMA_IGNORE_CHECK) != 0;
coder->concatenated = (flags & LZMA_CONCATENATED) != 0;
coder->first_member = true;
coder->pos = 0;
return LZMA_OK;
}
extern LZMA_API(lzma_ret)
lzma_lzip_decoder(lzma_stream *strm, uint64_t memlimit, uint32_t flags)
{
lzma_next_strm_init(lzma_lzip_decoder_init, strm, memlimit, flags);
strm->internal->supported_actions[LZMA_RUN] = true;
strm->internal->supported_actions[LZMA_FINISH] = true;
return LZMA_OK;
}
Reference in New Issue Copy Permalink